oracle-terraform-modules / terraform-oci-compute-instance

Terraform Module for creating Oracle Cloud Infrastructure compute instances
https://registry.terraform.io/modules/oracle-terraform-modules/compute-instance/oci/latest

Add support for ssh_public_key string to align module usage with operator and bastion module #67

Closed calorbeer closed 3 years ago

calorbeer commented 3 years ago

Description

Both the oracle-terraform-modules bastion and operator modules support ssh public keys being passed in as strings and as files. terraform-oci-compute-instance only supports files, which makes it challenging to write terraform code that automatically assigns ssh keys. Adding support for ssh_public_key would align all three modules in terms of ssh key usability.

New or Affected Resource(s)

oci_core_instance

Potential Terraform Configuration

Add the following two variables:

variable "ssh_public_key" {
  description = "the content of the ssh public key used to access the compute instance. set this or the ssh_public_key_path"
  default     = ""  
  type        = string
}
variable "ssh_public_key_path" {
  description = "path to the ssh public key used to access the compute instance. set this or the ssh_public_key"
  default     = ""
  type        = string
}

Replace

resource "oci_core_instance" "this" {
  ...
  metadata = {
    ssh_authorized_keys = file(var.ssh_authorized_keys)
  }
  ...
}

by

resource "oci_core_instance" "this" {
  ...
  metadata = {
    ssh_authorized_keys = var.ssh_public_key != "" ? var.ssh_public_key : file(var.ssh_public_key_path)
  }
  ...
}

calorbeer commented 3 years ago

In order to keep backwards compatibility, I'd like to propose a different solution: ssh_authorized_keys is kept; however, the metadata block is changed to

resource "oci_core_instance" "this" {
  ...
  metadata = {
    ssh_authorized_keys = (var.ssh_public_key != "" ? var.ssh_public_key :
                          (var.ssh_public_key_path != "" ? file(var.ssh_public_key_path) :
                          (var.ssh_authorized_keys != "" ? file(var.ssh_authorized_keys) : "")))
    ...
  }
}

kral2 commented 3 years ago

@calorbeer version 2.2.0-RC1 was released. It includes the change you suggested on ssh public keys. Give it a try when you can and let me know if that works for you :-)

calorbeer commented 3 years ago

@kral2 It looks like there's an issue: the ssh variables default to null. If var.ssh_public_key is set, ssh_authorized_keys is set correctly; however, if it's null, the condition is also true and as a result it is set to null. The file statements are never reached. To avoid this, the variables either need to default to "" or the conditions have to test for != null and "".

kral2 commented 3 years ago

Thank you for this feedback, @calorbeer. I have opened #70, let's continue the discussion there.
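
Added example (not part of the thread and not the module's own code): one null-safe way to write the precedence chain discussed above, so that an unset variable behaves the same whether it defaults to null or to "". The local names and the private-key precondition are assumptions of this example; output preconditions assume Terraform 1.2 or later.

```hcl
# Stand-alone configuration, no provider required. After `terraform init`,
# inspect local.ssh_authorized_keys in `terraform console` or run `terraform plan`.

variable "ssh_public_key" {
  description = "Content of the SSH public key. Highest precedence."
  type        = string
  default     = null
}

variable "ssh_public_key_path" {
  description = "Path to the SSH public key file. Used when ssh_public_key is unset."
  type        = string
  default     = null
}

variable "ssh_authorized_keys" {
  description = "Legacy name for the key file path, kept for backwards compatibility."
  type        = string
  default     = null
}

locals {
  # In Terraform, null != "" evaluates to true, so a bare != "" test lets a
  # null through. Normalise null to "" first; every test below is string to string.
  key_inline  = trimspace(var.ssh_public_key == null ? "" : var.ssh_public_key)
  key_path    = var.ssh_public_key_path == null ? "" : var.ssh_public_key_path
  legacy_path = var.ssh_authorized_keys == null ? "" : var.ssh_authorized_keys

  # Precedence: inline key, then the new path variable, then the legacy path variable.
  ssh_authorized_keys = (
    local.key_inline != "" ? local.key_inline :
    local.key_path != "" ? file(local.key_path) :
    local.legacy_path != "" ? file(local.legacy_path) : ""
  )
}

output "ssh_authorized_keys" {
  description = "Value to place in metadata.ssh_authorized_keys."
  value       = local.ssh_authorized_keys

  precondition {
    # Assumption of this example: reject private key material, since instance
    # metadata is not a secret store.
    condition     = !can(regex("PRIVATE KEY", local.ssh_authorized_keys))
    error_message = "Expected an SSH public key, but the value contains a private key header."
  }
}
```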